Presire: community verdicts

5 notable / known-exploited Presire CVEs the community has triaged.

ⓘ Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Presire CVE, see NVD ↗.

CVE-2026-41047MED 5.5EPSS 0%
Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information.
CVE-2026-41046HIGH 7.3Real · low riskEPSS 0%
A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root.
CVE-2026-41048HIGH 7.1Real · low riskEPSS 0%
Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot".
CVE-2026-41049HIGH 7.1Real · low riskEPSS 0%
Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them.
CVE-2026-41045HIGH 8.1Real · low riskEPSS 0%
A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user.